GENERAL PRIVACY NOTICE
This privacy notice is designed to tell people about how Hull City Council processes personal information. This is a key requirement of the Data Protection Act and the General Data Protection Regulations.
This is our general privacy notice, specific privacy notices with more details about specific services are available upon request.
A Data Controller is an organisation or an individual who determines the purposes and the manner in which personal data is processed. Processing can be taken to means ‘doing something’ with data.
Hull City Council is registered as a data controller with the Information Commissioner’s Office (registration number – Z6005621)
As a public authority we are required to have a Data Protection Officer and you may contact them for more information or with any concerns about how your personal information is being used –
Hull City Council
Data Protection Officer
Telephone – 01482 300 300
Email – email@example.com
Purpose of processing personal information
The council delivers services to the public as a public authority. In order to do this, we often need to collect and use personal information about you. We must always have a lawful condition for processing your personal data and be fair and transparent with you about how we do so.
We need to collect and hold information about you to –
- contact you, by various methods in order to provide services
- deliver public functions, including law enforcement functions such as licensing, collection of council tax and business rates, planning enforcement and trading standards
- process financial transactions including grants, payments and benefits involving the council, or where we are acting on behalf of other government bodies such as The Department of Work and Pensions
- manage contractual relationships as an employer, a landlord or where we buy or provide services
- protect individuals from the risk of harm or injury
- help us monitor our services and plan improvements and efficiencies
- prevent and detect fraud and corruption and inappropriate use of public funds
- make sure we meet our statutory obligations including those related to equality and diversity, and health and safety
- allow statistical analysis of data (that you cannot be personally identified from) so we can target and plan the provision of services
Wherever possible we will be open and transparent with you about how we use your personal data and who it is shared with.
Categories of personal data
We process personal information to deliver functions including but not limited to –
- Adult and children’s social care
- Human Resources
- Legal and Democratic
- Revenues and Benefits
- Customer Services
- Public Protection
- Public Health
This includes special categories of information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership and data concerning health or sex life.
To ensure that the council provides you with an efficient service we will sometimes need to share your information between Council departments as well as with our partner organisations that support the delivery of the service you may receive, for example –
- other Councils
- NHS/their contracted providers
- Fire Service
- voluntary organisations
- government departments
We will also need to supply your information to people and organisations we have contracted to provide a service to you.
We will only ever share your information if we are satisfied that our partners or suppliers have sufficient technical and organisational measures in place to protect your information and we have contracts in place.
Before sharing information the council will ensure that –
- Data Protection Impact Assessments are completed as necessary to assess any risks or potential negative effects of the sharing
- Privacy Notices are up to date to inform people about sharing, where necessary
- Technical safeguards such as encryption and access controls are in place to keep information secure
- Information Sharing Agreements are completed, detailing the procedure and expectations of the people involved in the sharing
Details of transfers to third country and safeguards
Your personal and sensitive data will only be stored and processed on servers based within the European Economic Area (EEA). We will only transfer your personal information overseas where there is a specific requirement or law to do so and we will ensure all processing complies with the requirements of the Data Protection Act and the GDPR.
National Fraud Initiative (NFI)
We are also required to participate in the National Fraud Initiative (NFI). This is a data matching exercise organised by the government, every Council in England is required to provide particular sets of data to the Minister for the Cabinet Office. Data matching exercises are carried out by the government with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. This does not require the consent of the individuals concerned under the General Data Protection Regulation.
Your rights and retention periods
You have certain rights under the General Data Protection Regulations (GDPR), these are the right –
- to be informed about how we use your personal data via Privacy Notices like this one.
- to withdraw your consent at any point where we are relying solely on your consent as the legal basis to process your data.
- of access to any personal information the council holds about you. To request a copy of this information you must make a subject access request in writing
- of rectification – we must correct inaccurate or incomplete data within one month
- to erasure – you have the right to have your personal data erased and/or prevent processing unless we have an overriding legal basis or legal requirement
- object – you can object to your personal data being used for profiling, direct marketing or research purposes
- data portability – where you have provided information to us online through a web portal or automated process and we are processing it with your consent or to provide you with a service you may ask us for a copy of your personal data in a structured, commonly used format
You have rights in relation to automated decision making and profiling, to reduce the risk that a potentially damaging decision is taken without human intervention.
If you want to exercise any of these rights, please contact us at –
Information Governance Team
Hull City Council
Alfred Gelder Street
Email – firstname.lastname@example.org
It may not always be possible to fulfil your request where it is necessary to hold or process information to comply with a legal requirement or we have a legitimate legal basis.
We will only keep your information for as long as necessary. The retention period is either dictated by law or our legitimate requirements. Once your information is no longer needed it will be securely and confidentially destroyed. Service and project specific retention periods can be found in our service and project specific privacy notices.
If you email us, we may store all or part of the details from the email on our computer systems. We do not routinely retain all emails we receive, for storage emails are moved onto specific service area data systems or folders on our IT network.
All calls to our contact centre are recorded. Audio recordings are only used for the purposes stated on our privacy notices and in accordance with the principles of the Data Protection Act. This includes employee training.
CCTV systems are installed in public areas across the city for public safety and the prevention and detection of crime. Signs notifying you that CCTV is in operation are displayed at the boundary and across the city.
Breaches, complaints, comments and compliments
Information security breaches
Should you wish to report an information security breach please contact us either by telephone on 01482 300 300 or email at email@example.com.
If you are dissatisfied with how the council have handled your complaint about your personal data, you may contact the Information Commissioner’s Office.
The Information Commissioner
Telephone – 08456 30 60 60